The instructions below describe how to set up authentication credentials for managing EKS clusters through Banzai Cloud Pipeline.
- Create an AWS user
- Attach policies which grant full access to:
- VPC
- EKS
- EC2
- IAM
- EC2 Pricing
- Stacks
This list allows you to try all features of Banzai Cloud Pipeline. Banzai Cloud offers a more granular list of permissions for its customers that consists of the permissions that are required for the features the customer decides to use.
If you are a Pipeline Enterprise user, see Minimal privileges required for Pipeline in EKS for details.
Create an AWS user 🔗︎
Log in to the AWS Management Console. Click Services and select IAM.
Click Users, then click Add user.
Enter User name and choose Programmatic access
Access type.
Click Next: Permissions to set up permissions for this user:
Choose whether to add a user to a group, copy permissions from an existing user, or attach existing policies directly.
Note: Amazon recommends using groups to manage user permissions.
Attach policies 🔗︎
Attach the following Managed
policies to the group:
- AmazonEC2FullAccess
- IAMFullAccess
- AWSPriceListServiceFullAccess
- IAMUserChangePassword
- AmazonVPCFullAccess
- AmazonS3FullAccess — only necessary if the same credentials are going to be used for S3 bucket creation operations (e.g.: the creation of a new S3 bucket for centralized log collection)
Create the following Inline
policy for the group by clicking on Create Group Policy. Select Custom Policy, then click Select. Provide a policy name (e.g. EKS) and specify the following Policy Document
:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"cloudformation:*"
],
"Resource": [
"*"
]
},
{
"Effect": "Allow",
"Action": [
"eks:*"
],
"Resource": "*"
}
]
}
Click Apply Policy.
Click Next: Review.
Click Create user.
Click Download.csv and save the user’s security credentials to your computer. Banzai Cloud Pipeline will ask for these credentials when creating an EKS cluster.
Then click Close to return to the Users page.